Protecting Web servers from octopus attacks

Denial-of-service (DoS) attacks are a major threat to the Internet and have not been completely solved in spite of much research effort. This paper deals with an important class of DoS attacks, called octopus attacks, which establish a flood of connections to a victim Web server and prevent legitima...

Full description

Saved in:
Bibliographic Details
Main Authors: Kobayashi, Y., Chen, E.Y., Oyama, Y., Yonezawa, A.
Format: Conference Proceeding
Language:English
Subjects:
Computer crime
Degradation
Floods
Internet
Joining processes
Monitoring
Network servers
Protection
Telecommunication traffic
Web server
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Denial-of-service (DoS) attacks are a major threat to the Internet and have not been completely solved in spite of much research effort. This paper deals with an important class of DoS attacks, called octopus attacks, which establish a flood of connections to a victim Web server and prevent legitimate users from connecting to the server. Octopus attacks cause serious performance degradation of the targeted server. In this paper, we propose an approach for protecting Web servers against octopus attacks. Our approach deploys an active monitor that monitors the network traffic arriving at a protected server. When there are an excessive number of connections to the server, this monitor resets the connection that is most likely to be an attacker's. We implemented this monitor on a Linux platform. Through experiments, we confirmed that our monitor enabled a Web server to provide service to legitimate users even when octopus attacks were made against the server
DOI:10.1109/SAINT.2006.52